Write KubeConfig to tmp file in working dir

Instead of using the name of the secret, as this can cause unexpected
collisions in edge case scenarios.

Signed-off-by: Hidde Beydals <[email protected]>

Author: hiddeco

controllers/kustomization_controller.go

@@ -614,15 +614,15 @@ func (r *KustomizationReconciler) writeKubeConfig(kustomization kustomizev1.Kust
 		return "", err
 	}
 
-	kubeConfigPath, err := securejoin.SecureJoin(dirPath, secretName.Name)
+	f, err := ioutil.TempFile(dirPath, "kubeconfig")
+	defer f.Close()
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("unable to write KubeConfig secret '%s' to storage: %w", secretName.String(), err)
 	}
-	if err := ioutil.WriteFile(kubeConfigPath, kubeConfig, os.ModePerm); err != nil {
+	if _, err := f.Write(kubeConfig); err != nil {
 		return "", fmt.Errorf("unable to write KubeConfig secret '%s' to storage: %w", secretName.String(), err)
 	}
-
-	return kubeConfigPath, nil
+	return f.Name(), nil
 }
 
 func (r *KustomizationReconciler) getKubeConfig(kustomization kustomizev1.Kustomization) ([]byte, error) {